How to enable secure LDAP between inSync AD connector and domain controller
You can use Active Directory (AD) with secure Lightweight Directory Access Protocol (LDAP) to manage inSync users of your organization.
Note: Secure LDAP requires a properly formatted X.509 certificate on all your Windows DCs. This certificate lets a DC's LDAP service listen for and automatically accept SSL connections for LDAP traffic. Secure LDAP works with the inSync AD Connector server only when it is enabled on the AD/LDAP server.
To enable secure LDAP between your AD/LDAP server and inSync AD connector, complete the following steps:
- On the inSync Management Console menu bar, click Users and then click Deployment on the left pane.
- On the AD/LDAP page, click the Accounts tab. The list of all the registered AD/LDAP Accounts is displayed.
- Click Register AD/LDAP Account. The Register AD/LDAP Account window appears.
- Select the Use secure connection check box if you want to access your AD/LDAP through an HTTPS connection.
- Fill in the following fields:
Directory Service Type
Select the directory service type that you want to register with inSync Cloud.
Available directory service types are as follows:
- Microsoft AD
- LDAP (others): other services that use the LDAP protocol, including OpenLDAP, an open-source implementation.
Select the name of the inSync Connector that inSync must use to connect your AD/LDAP with inSync Cloud.
Type the hostname of the server where the global catalog or the domain controller is available.
Type the port number required to access your AD/LDAP.
If you are registering the AD/LDAP by using its domain controller details, you must use 636 as the port number for a secure connection or 389 as the port number for a non-secure connection.
If you are registering the AD/LDAP by using Global Catalog server details, you must use 3289 as the port number for a secure connection or 3268 as the port number for a non-secure connection.
Use secure connection
If you want to access your AD/LDAP through an HTTPS connection, select this check box.
If you are registering LDAP as the Directory Service, you must enter the following Attribute Mapping details.
Type the LDAP attribute that should map to inSync email address.
inSync Username
Type the LDAP attribute that should map to inSync username.
Logon Name
This is the distinguished name of the user. This is used as username for LDAP based authentication.
- Click Register. The AD/LDAP is registered with inSync Cloud.
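A pre-flight check for the certificate requirement in the note above, written as an added example that is not part of the original page or of inSync. It completes a verified TLS handshake with each DC's LDAPS port and reports name or validity problems before you select Use secure connection. The function names, the hostname `dc01.corp.example`, the 30-day warning window and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

def fetch_ldaps_cert(host, port=636, cafile=None, timeout=5.0):
    """Do a verified TLS handshake with the LDAPS port; return the peer certificate dict."""
    # cafile: PEM bundle of the CA that issued the DC certificates (None = system trust store)
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_problems(cert, host, now=None, warn_days=30):
    """List the problems in a getpeercert() dict for this host (empty list = none found)."""
    now = time.time() if now is None else now
    problems = []
    # Collect SAN dNSName entries and subject CNs; matching is exact, no wildcard handling.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v.lower() for k, v in rdn if k == "commonName"]
    if host.lower() not in names:
        problems.append("hostname %s not in certificate names %s" % (host, sorted(set(names))))
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not yet valid")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now > not_after:
        problems.append("certificate expired")
    elif not_after - now < warn_days * 86400:
        problems.append("certificate expires within %d days" % warn_days)
    return problems

def check_domain_controllers(hosts, port=636, cafile=None):
    """Probe each DC; map host -> problems ([] means no problem was found)."""
    report = {}
    for host in hosts:
        try:
            report[host] = cert_problems(fetch_ldaps_cert(host, port, cafile), host)
        except OSError as exc:  # refused, timed out, or ssl.SSLError (chain/hostname failure)
            report[host] = ["TLS connection failed: %s" % exc]
    return report

# Constructed sample in the shape getpeercert() returns; not taken from a real DC.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
```

Call `check_domain_controllers` with the same hostnames and port you intend to enter in the registration fields; a host that fails here will also fail when the connector attempts a secure connection.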